How to Add Channel Security in Spring

By Arvind Rai, December 21, 2013

Spring security provides the feature to secure the URL patterns. For any URL pattern if we want to allow only HTTPS access, we have to do a small configuration in our spring security configuration. Any URL can be accessed via, HTTP or HTTPS or any. So to configure we do as below.

requires-channel in Spring Security

requires-channel is the attribute of intercept-url tag. It can accept three values https, http and any.
Find the sample declarations.

In the above code snippet the URL pattern /secure/** will be accessed via HTTPS. If we try to access by HTTP, then URL will automatically be redirected to HTTPS. Now find the complete example. In our example we have secured login URL by HTTPS.
security-config.xml